About wwwd40

The main switchgear is probably somewhere near the generators in the basement levels and will be buggered. The building is owned by Sabey now who (quote) "Sabey has more than 20 years of experience in the data center business and is perhaps the largest provider of hydro-powered facilities in the United States." The hydro thing is pretty ironic ;-) ref: https://www.datacenterknowledge.com/archives/2011/06/07/sabey-acquires-huge-verizon-building-in-nyc/ Anyone know whether their planned power system upgrades had already happened? If not it might be time to embark on that.

A typical NIC will drop ghost frames - they are normally an indication of electrical interference (wiring problems). Usually the NIC will deny all knowledge of ghosts and since the software is relying on what the chipset is telling it, it won't be reported in software either (interface stats, test tool interface etc). It's the same as jam events on a collision domain. As for generating your own, I could be wrong, it might be done with modified drivers but how you'd see them based on them being dropped by the rx'ing NIC chipset I'm not sure. I don't think C raw buffers allow you to specify preamble or SFD as the NIC handles that for you (it's a 'flavour of ethernet' NIC after all so is complying with the standards). Everything I've seen on programming the raw frames starts at MACDST, but if you find a way then post your findings. Cheers, wd

I've recently been looking into intrusion deception systems, specifically the Mykonos Juniper solution (see
for an overview). Essentially it is a proxy that sits in front of your webserver and injects/strips code served by the webserver to place 'tar traps' that entice an attacker during the early phases of an attack. It attempts to profile the attacker on a per-machine basis according to the severity of their activities. It attempts to track them by placing various "persistent tokens" (cookies, browser-specific storage, multimedia framework storage (Flash, Silverlight), client-side JavaScript storage, clever use of ETag values): so independent of and more intelligent than simple IP tracking. The injected code points are numerous and configurable, making it very difficult to tell whether the object you are playing with is a true resource of the website or a tar trap until you've already "tripped a wire", at which point the system may be remediating you: slowing your connection, presenting a captcha if it thinks you are a bot, blocking your connection entirely, serving up broken pages, forcing log out etc.

NB this doesn't actually spot attacks, just spots the potential for attacks by looking for reconnaissance activity. It's not a web application firewall or IPS/IDS. This approach goes a long way to visibility of activities that are normally very difficult to spot, address or report on. It also is not very intensive to set up and configure and doesn't require an ever-updating list of signatures (let's be honest, signature systems are often a step or 2 behind).

From what I can tell, an attacker that:
- Uses a different VM for each recon activity or session, or
- Goes straight for blind attacks, or
- Is very efficient at cleaning their caches, or
- Uses a browser that stores absolutely nothing (or an application that isn't a browser)
may be able to thwart parts of the system tracking.

Additionally, the system is not completely mature in terms of its clustering ability/data correlation and I can see companies being very jumpy about anything that is going to sit in line between their SLB and webfarm so it needs to be 100% proven. That said, people already do this with web application firewalls - I can see Mykonos-like functionality being incorporated into these appliances very soon. Does anyone have any experience with this or similar systems? Does anyone have any of this software that can be tested? Cheers, /wd

EDIT - Some interesting info:
Open source persistent cookies: http://samy.pl/evercookie/
Mykonos blog about evercookie: http://blog.mykonossoftware.com/?p=142
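A minimal sketch of the tar-trap mechanics described in the post above, written here as an added example and not Mykonos' or Juniper's code: the proxy side injects a decoy link and a decoy hidden field into outgoing HTML and ties the client to an issued token rather than an IP; the inspect side scores requests that touch the decoys and picks a remediation tier (slow, captcha, block) from the accumulated score. The decoy names, severities and tier thresholds are assumed values.

```python
import secrets
from typing import Dict, Optional, Tuple

# Constructed decoys (assumed names): a hidden link no real user follows and a
# hidden field no real user edits. Only touching or tampering with them scores.
DECOY_PATH = "/admin-backup.zip"
DECOY_FIELD = "debug_mode"

# Severity per trap and the response tier for an accumulated score (assumed values).
TRAP_SEVERITY = {"decoy_link": 3, "decoy_field": 5}
TIERS = [(0, "allow"), (3, "slow"), (5, "captcha"), (8, "block")]


class Tracker:
    """Per-client profile keyed by an injected token instead of the source IP."""

    def __init__(self) -> None:
        self.scores: Dict[str, int] = {}

    def inject(self, html: str, token: Optional[str]) -> Tuple[str, str]:
        """Proxy egress: add tar traps to a page and issue a token if the client has none."""
        token = token or secrets.token_hex(8)  # would be set as a persistent cookie
        traps = (f'<a href="{DECOY_PATH}" style="display:none">backup</a>'
                 f'<input type="hidden" name="{DECOY_FIELD}" value="0">')
        return html.replace("</body>", traps + "</body>", 1), token

    def inspect(self, token: str, path: str, form: Dict[str, str]) -> str:
        """Proxy ingress: score a request against the traps and return the tier to apply."""
        hits = []
        if path == DECOY_PATH:                      # followed the hidden link
            hits.append("decoy_link")
        if form.get(DECOY_FIELD, "0") != "0":       # tampered with the hidden field
            hits.append("decoy_field")
        self.scores[token] = self.scores.get(token, 0) + sum(TRAP_SEVERITY[h] for h in hits)
        return self.tier(token)

    def tier(self, token: str) -> str:
        """Highest tier whose threshold the client's score has reached."""
        score = self.scores.get(token, 0)
        return [name for floor, name in TIERS if score >= floor][-1]
```

Because the score lives against the token, a client that clears its storage (or switches VMs) starts again at "allow", which is exactly the gap in tracking the post points out.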

Don't worry.. It was bumped by a spammer to whom I replied with an appropriately terse response, only for the mods to remove the spam post making it look like I bumped it back from the grave. Honest guv it wasn't me. Kudos to the new mods for dealing with abuse so quickly

Hi, What is the make and model of your hard disk and what is the make and model of the machine it originally came from? There are some defaults that might work for you, and these can be found with a little bit of searching the web. Cheers Wd

well do you know how to make a USB keylogger? Make a USB keylogger? http://www.instructables.com/id/How-to-build-your-own-USB-Keylogger/ Or do you mean how to install a key logger application silently via a USB stick? http://wiki.hak5.org/index.php?title=USB_Switchblade I suppose it is anyone's guess.

Found this in my bookmarks, thought it might help & amuse similarly small-minded people such as myself. http://routergod.com/ Some good basic information can be found presented in a comical way, e.g. http://www.routergod.com/paulhogan/index.html

Hrmph. DDoS isn't "hacking" and it's lame. Botnets can be interesting, but not for what you want to do (malicious activity). You'd be better off spending your time on better ventures. IE - "real hacking". There's a ton of ways you can get involved which don't involve destruction and disturbance of services. Hardware hacking, System & network security, etc. I dunno I never really saw any use for white-hat other than stress testing software. Are there any other practical uses? Where would I get started with this? Nothing was mentioned about colours of hats and in any case, all the same knowledge applies just with a different application and moral compass. I think Beave's point was that generally there is not much to be learned by building a Zeus et al botnet and blasting crap at 'targets'. You seem to be outcome focussed (I want to get involved in DDOS) as opposed to focussing on the journey of learning the mechanics behind a botnet and how you would go about coding your own, or re-engineering the leaked Zeus code for example. Why is it that you want to get involved in DDOS activities?

It's fair to point out to you that this is the type of question that won't receive many welcome responses around here as it is far too open ended, and doesn't show a whole lot of understanding or research on your part. There is no process or flow chart that says 'do x then y and a bit of z' and a hacked website will drop out of the end. The most important thing for you is to know your target (google for hacking reconnaissance phase or similar). By gathering information about the website application and more generally the server, infrastructure that it runs over as well as the people who use or maintain the site you can research those technologies and people and plan the best way of achieving your goal. For example the site in question may well utilise SQL queries from the web front end to a backend database. It could be possible to manipulate the way the web interface interacts with the database to reveal superuser or administrator account details and will require nothing more than a web browser. Or, for example, the webserver may have known vulnerabilities which are exploitable - maybe a buffer overflow is present that allows for injection of shell code to return an admin shell. However, these are just two examples of possibilities - it would be just as valid to install a key logger on the web site administrator PC and steal his admin credentials that way. It all hinges on your research and what is 'the low hanging fruit'. Note that there are automated tools that can scan for poor input validation of web forms for SQL vulnerabilities and the same for known defects in web server applications. Lastly, if it appears that you don't want to put in any effort and learn things for yourself and you just want to achieve an outcome then prepare for disappointment.
Additionally if you just go around downloading random tools and pointing them at websites then you should expect to pick up a virus or two along the way and depending on how effective the tool, the nature of the site, and how well you covered your tracks you may well have a knock on the door from the Sweeney.

If you are using ESXi or some other VM set up, you can connect using vSphere or by connecting to the host OS in another way. For Sun servers, you may want to look at the LOM port which is effectively a serial connection that allows you to bring the box back up when it's dropped run levels for some reason. As for BSOD on a windows box.. jeez! Isn't the only thing that will sort that a power cycle? If so, why not install network connected PDUs (APC and others do this, you could probably build your own without too much trouble) and kill the power then bring it back up? It's not going to be a panacea for all faults but would work in the BSOD scenario you mentioned.

Before I saw the windows requirement, I automatically thought of ZFS. A quick google revealed http://code.google.com/p/zfs-win/ - it looks immature but might be something to look into further. cheers, /wd40

The bit at the bottom looks like detail of muxed optical channels split according to their lambdas (wavelengths). The "blobs" hanging off the H octagon look like peering or transit points with the respective networks' AS numbers.. e.g. AS2976 is Sprint, AS1584 is DoD Network Information Center (http://bgp.he.net for search).

If I asked "And seriously, what's NOT awesome and cool about having your own server in your pocket!?", I'd expect no less than posts highlighting the potential issues. Here are some links of projects already doing this which might help you jasonmanley87 http://www.xda-developers.com/android/run-a-website-on-android-with-paw-server/ http://code.google.com/p/i-jetty/